I’m a forgetful guy. As I opened up WordPress to write this blog post, during the few seconds it took to type in the post’s title, I forgot what I was going to write about. That’s how forgetful I am.

Now that I’ve remembered, after about 30 seconds of scratching my head, I realized that anecdone would be a good way to start talking about the second way I love Firefox 3.

As a guy that quickly loses his train of thought (usually loudly, and into a river at the bottom of the ravine underneath a missing bridge), anything that interrupts my workflow is a bad thing. Firefox 3 does away with a number of things that used to interrupt me.

One of the big ones is the new way Firefox asks if I’d like to save a password. Instead of popping up an incredibly distracting modal dialog box, an unobtrusive strip appears at the top of the browser offering to save the password:

I can keep on working, and deal with the password issue at my leisure. Usually when I log in, there’s something I need to look at or write up quickly before I forget to deal with it, so this is a huge relief for me.

Another big help for my addled brain is this: I often get (via mail or IRC) links to web pages including content I need to deal with. Sometimes it’s an article I need to edit, sometimes it’s something I need to read. Often it’s just something I need to refer to while I do other work.

And, often, I don’t have time to deal with it right away. So I leave the tab open, waiting for me to be ready to deal with the material.

Sometimes these tabs stay open for weeks.

And eventually, for whatever reason, I’m guaranteed to have to quit Firefox.

Firefox 3 — joy of joys — remembers all my tabs and loads them right back up for me when I start it again. No more having to bookmark every single page I might ever have to find again. I can quit and restart at my slightest whim, safe in the knowledge that I won’t lose some important thing that I need to deal with… someday.

While I like the dialog strip for the reasons mentioned, I can’t fathom why it appears *inside* the browser window. How easy would that be to fake? Surely this will be a security nightmare once people are comfortable with system messages appearing there.

What cases of use of the dialog strip are there that are a security concern? I’ve only seen it used to ask if you want to save a password, which doesn’t make your password less secure that I can think of, and also to notify you about certain types of updates.

I’m not saying the current uses of the dialog strip are a concern. The concern is that system messages appear within the browser window at all.

If people become accustomed to system messages within the browser window they will be less able to discriminate against fake system messages. “Hmmm… now the system is asking me to retype my paypal password. Oh well…”

If the system messages are obviously part of the chrome then a faked system message will at least be surprising (and hopefully viewed with suspicion) because of its physical location. “Why is this web-page asking me to enter my paypal password?”

My opinion on it is that the usability benefit for power users outweighs the security risk for less knowledgeable users. I know this is an elitist attitude, but it seems to me that hand-holding for security purposes is only appropriate when there is no negative usability downside.

In this case, it is clear to me that there is a huge usability gain from the new system (less distracting, cleaner, asks you _after_ seeing if worksthe password), and the only real downside is a potential security problem caused by users being more trusting of sites asking for their info.

Not to change the subject too much, but what are peoples’ thoughts on Safari’s keychain feature? Or is that a Mac thing bigger than just Safari? I had a Mac test box with Safari at my last job and I remember that one of the bugs I encountered was that it was asking if I wanted to save a password after entering a search query into a text input. Go figure!

The keychain is the Mac OS X system-wide password and certificate storage system. I’d like to see Firefox take advantage of it, but it’s not a huge deal for me either. The main advantage to it is that once a password for a site is stored in the keychain, any application that you use that needs access to that site can get the password from the central storage pool.

It’s also handy in that keychains are synchronized among all your Macs if you’re a .Mac user.